Skip to content

K8SPS-265 add special characters #951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

K8SPS-265 add special characters #951

wants to merge 15 commits into from
+124 −59

Conversation

nmarukovich
Copy link
Contributor

@nmarukovich nmarukovich commented Jun 16, 2025
edited
Loading

K8SPS-265 Powered by Pull Request Badge

CHANGE DESCRIPTION

Problem:

Cause:
Short explanation of the root cause of the issue if applicable.

Solution:
extending password strength with specific characters.

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported PS version?
  • Does the change support oldest and newest supported Kubernetes version?

@pull-request-size pull-request-size bot added the size/L 100-499 lines label Jun 16, 2025
github-actions[bot]
github-actions bot reviewed Jun 16, 2025
View reviewed changes
build/router-entrypoint.sh
@@ -6,18 +6,23 @@ ROUTER_DIR=${ROUTER_DIR:-/tmp/router}
OPERATOR_USER=${OPERATOR_USER:-operator}
NAMESPACE=$(</var/run/secrets/kubernetes.io/serviceaccount/namespace)

urlencode() {
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"

build/router_readiness_check.sh
@@ -1,15 +1,20 @@
#!/bin/bash

urlencode() {
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"

build/router_startup_check.sh
@@ -1,7 +1,12 @@
#!/bin/bash

urlencode() {
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"
python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$1"

github-actions[bot]
github-actions bot reviewed Jun 16, 2025
View reviewed changes
e2e-tests/functions
Comment on lines +1043 to +1044
local user="${1:-root}"
kubectl -n "${NAMESPACE}" get secret test-secrets -o jsonpath="{.data.${user}}" | base64 --decode
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
local user="${1:-root}"
kubectl -n "${NAMESPACE}" get secret test-secrets -o jsonpath="{.data.${user}}" | base64 --decode
local user="${1:-root}"
kubectl -n "${NAMESPACE}" get secret test-secrets -o jsonpath="{.data.${user}}" | base64 --decode

@nmarukovich nmarukovich marked this pull request as ready for review June 17, 2025 09:42
github-actions[bot]
github-actions bot reviewed Jun 17, 2025
View reviewed changes
build/orc-entrypoint.sh
sed -r "s|^[#]?password=.*$|password=${TOPOLOGY_PASSWORD:-$ORC_TOPOLOGY_PASSWORD}|" "${ORC_CONF_PATH}/orc-topology.cnf" >"${temp}"

ESCAPED_PASSWORD=$(printf '%s' "${TOPOLOGY_PASSWORD:-$ORC_TOPOLOGY_PASSWORD}" | sed -e 's/[&"\\]/\\&/g')
ESCAPED_PASSWORD="\"${ESCAPED_PASSWORD}\"" # Wrap in double quotes for .cnf
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
ESCAPED_PASSWORD="\"${ESCAPED_PASSWORD}\"" # Wrap in double quotes for .cnf
ESCAPED_PASSWORD="\"${ESCAPED_PASSWORD}\"" # Wrap in double quotes for .cnf

build/orc-entrypoint.sh
Comment on lines +51 to +53
-e "s|^[#]?user=.*$|user=${TOPOLOGY_USER}|" \
-e "s|^[#]?password=.*$|password=${ESCAPED_PASSWORD}|" \
"${ORC_CONF_PATH}/orc-topology.cnf" > "${temp}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
-e "s|^[#]?user=.*$|user=${TOPOLOGY_USER}|" \
-e "s|^[#]?password=.*$|password=${ESCAPED_PASSWORD}|" \
"${ORC_CONF_PATH}/orc-topology.cnf" > "${temp}"
-e "s|^[#]?user=.*$|user=${TOPOLOGY_USER}|" \
-e "s|^[#]?password=.*$|password=${ESCAPED_PASSWORD}|" \
"${ORC_CONF_PATH}/orc-topology.cnf" >"${temp}"

gkech
gkech reviewed Jun 23, 2025
View reviewed changes
pkg/secret/secret.go
@@ -45,7 +45,8 @@ const (
passwordMinLen = 16
passSymbols = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
"abcdefghijklmnopqrstuvwxyz" +
"0123456789"
"0123456789" +
"!$%&()*+,-.<=>?@[]^_{}~#"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For any characters that we omitted from the password generation, I recommend we add a small godoc with some notes. It will help a lot.

e2e-tests/tests/demand-backup/01-deploy-operator.yaml
@@ -10,7 +10,6 @@ commands:
apply_s3_storage_secrets
deploy_operator
deploy_non_tls_cluster_secrets
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we are removing this cause the operator does not trigger the password generation if the key/value pair exists, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because I want operator generate random passwords and we use it in our tests. (now we use passwords from predefined file and it's like root_password )

github-actions[bot]
github-actions bot reviewed Jul 2, 2025
View reviewed changes
build/ps-entrypoint.sh
| sed 's/'\''/'\\\\\''/g' \
| sed 's/"/\\\"/g'
}

MYSQL_VERSION=$(mysqld -V | awk '{print $3}' | awk -F'.' '{print $1"."$2}')

if [[ "$MYSQL_VERSION" != '8.0' ]] && [[ "${MYSQL_VERSION}" != '8.4' ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
if [[ "$MYSQL_VERSION" != '8.0' ]] && [[ "${MYSQL_VERSION}" != '8.4' ]]; then
if [[ $MYSQL_VERSION != '8.0' ]] && [[ ${MYSQL_VERSION} != '8.4' ]]; then

@nmarukovich nmarukovich requested a review from gkech July 2, 2025 14:17
@gkech
Copy link
Contributor

gkech commented Jul 15, 2025
edited
Loading

the e2e are faiing for me. e.g. I tried the gr-users test and the operator is logging an error which indicates that the MySQL connection string has illegal characters.

sample log:

025-07-15T07:53:55.618Z ERROR failed to update status {"controller": "ps-controller", "controllerGroup": "ps.percona.com", "controllerKind": "PerconaServerMySQL", "PerconaServerMySQL": {"name":"gr-users","namespace":"kuttl-test-equipped-spider"}, "namespace": "kuttl-test-equipped-spider", "name": "gr-users", "reconcileID": "0c078cfc-152c-4f18-99ac-76bd1a2c79c4", "error": "check if GR is ready: check cluster status from gr-users-mysql-1: stdout: , stderr: Cannot set LC_ALL to locale en_US.UTF-8: No such file or directory\nInvalid URI: Illegal character [^] found at position 15\n: command terminated with exit code 1", "errorVerbose": "command terminated with exit code 1\nstdout: , stderr: Cannot set LC_ALL to locale en_US.UTF-8: No such file or directory\nInvalid URI: Illegal character [^] found at position 15\n\ngithub.com/percona/percona-server-mysql-operator/pkg/mysqlsh.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@jvpasinatto jvpasinatto Awaiting requested review from jvpasinatto jvpasinatto is a code owner

@eleo007 eleo007 Awaiting requested review from eleo007 eleo007 is a code owner

@valmiranogueira valmiranogueira Awaiting requested review from valmiranogueira valmiranogueira is a code owner

@hors hors Awaiting requested review from hors hors is a code owner

@egegunes egegunes Awaiting requested review from egegunes egegunes is a code owner

@pooknull pooknull Awaiting requested review from pooknull pooknull is a code owner

@gkech gkech Awaiting requested review from gkech gkech is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
size/L 100-499 lines
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nmarukovich @gkech @hors